mirror of
https://github.com/MariaDB/server.git
synced 2025-01-28 17:54:16 +01:00
e02749aaf5
numerous issues fixed: * buffer overflows * error conditions aren't checked (crash if file doesn't exist) * accessing random unallocated memory * hard-coded password * arbitrary hard-coded key id limit * incomprehensible error messages (for key_id == 0 it reported "The key could not be initialized", for syntax errors the message was "Wrong match of the keyID, see the template", for a key id larger than the hard-coded limit the message was "No asked key", and there was an error "Is comment" for a comment). * tons of small mallocs, many are freed a few lines down in the code * malloc(N) and new char[N] are both used, even in the same function * redundant memory copies * pcre - "I can solve it with regular expressions" - with incorrect regexes * parser context stored in a singleton * keys are stored as strings and are strlen-ed and hex2bin-ed on every get_key() request * lots of useless code (e.g. sprintf instead of a pointer assignment, checking of the file length to read a part of it in a fixed buffer, multiplying by sizeof(char) in many places, etc) * this list is not exhaustive |
||
---|---|---|
audit_null | ||
auth_dialog | ||
auth_examples | ||
auth_pam | ||
auth_socket | ||
cracklib_password_check | ||
daemon_example | ||
debug_key_management | ||
example_key_management | ||
feedback | ||
file_key_management | ||
fulltext | ||
handler_socket | ||
locale_info | ||
metadata_lock_info | ||
qc_info | ||
query_response_time | ||
semisync | ||
server_audit | ||
simple_password_check | ||
sql_errlog | ||
userstat | ||
win_auth_client | ||
wsrep_info |